Hacker News new | past | comments | ask | show | jobs | submit login

Right, then, so these aren't really security tests. I'm suggesting you reword that bit on your page; passing test vectors doesn't make something more trustworthy; it's table stakes.

I'm not saying you shouldn't write tests for misuse cases! You should do that.

Okay, what's a security test? How is it any different from a mere correctness test? Can you suggest some link to read up, or some tool to use?

See e.g. https://github.com/google/wycheproof

Fuzzing tests can also uncover weird bugs and edge cases that can lead to vulnerabilities.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact